PC demos and malware detections...
category: general [glöplog]
I am a demonstration/demo fan. Lately, I noticed many more new PC graphic demos are compressed and lots of antimalware scanners are detecting possible malware.
For example, with the two latest top of the month PC/Windows graphic demos:
http://pouet.net/prod.php?which=55300
http://pouet.net/prod.php?which=55336
I extracted them and ran Malwarebytes' Anti-Malware (free) and it found their EXEs infected.
I compressed them into a zip file to save extra time and uploading to online multiple file scanners and got these results:
http://virusscan.jotti.org/en/scanresult/890ca2bc925b8d02def95ff1af06bc93b2f00d35
http://www.viruschief.com/report.html?report_id=0d6340eb71ee7e6f290c2b8a3ad4ff98cf3542b2
https://www.virustotal.com/analisis/69b5e1382e5cef213c2eeb9454991ddf9d55a5977db48f428f16fba8ac57db41-1279388930
http://www.virscan.org/report/a89f93cde80a9170c0fc3011b181f4f7.html
What do you guys usually do? Do you risk them? I remember back in the late 90s, I got hit by a DOS demo that reset my CMOS to defaults after rebooting. :( I don't think I scanned it back then either. What do you guys usually do? I usually try to find captured videos to stay clean. I don't have another fast PC to try them and doing backups of my big HDDs and restores is a pain.
just add your download dir where you put intros to the ignore-list of your AV
Maali: No, I am talking about the risks of running them. How do you know they don't jack up your system like I had back in the late 1990s/90s?
if the group name doesn't really ring a bell.. just wait till a prod got a few comments? if they aren't going like 'YOU FUCKER. YOU FLASHED MY BIOS' i assume it's safe to watch it :D
Maali: I can't keep up with group names and also people can make fake releases. ;)
in that case i'll just refer to havoc's post
Havoc's post? Please kindly elaborate.
lol
### police report: demoscene prods trigger AV scanners illegally ###
antdude: both are 64k intros packed with Kkrunchy. Most exe files packed with it, if not all, are flagged as malware/trojan/virus by a lot of AV software.
And since most 64k use it as well... :)
Keops: So antimalware companies need to flag Kkrunchy's code as OK? Or is each KKrunchy compiled EXE different from others? I am not a programmer so I don't know how that works.
it's called false positives. AV just associates tampered exe headers with something bad per se; while packers mean no harm, they just get flagged by AV as such.
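As an added illustration of the false-positive point in the posts above (not code from any poster, from kkrunchy, or from any AV product): a header check of the kind such heuristics rely on, run on two constructed one-section PE headers. The thresholds and the `build_sample` helper are assumptions made for this example.

```python
import math
import struct
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # PE section characteristic flags

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = looks random/compressed)."""
    n = len(data)
    counts = [data.count(bytes([b])) for b in set(data)]
    return -sum(c / n * math.log2(c / n) for c in counts) if n else 0.0

def pe_sections(image: bytes):
    """Yield (name, virtual_size, raw_size, raw_offset, flags) per section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # NumberOfSections at +6, SizeOfOptionalHeader at +20 from the signature
    nsec, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    for off in range(table, table + 40 * nsec, 40):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", image, off)
        (flags,) = struct.unpack_from("<I", image, off + 36)
        yield name.rstrip(b"\0").decode("latin-1"), vsize, rsize, rptr, flags

def packer_traits(image: bytes) -> list:
    """Header traits typical of packed code. Thresholds are assumed, not a vendor's."""
    traits = []
    for name, vsize, rsize, rptr, flags in pe_sections(image):
        if flags & MEM_EXECUTE and flags & MEM_WRITE:
            traits.append(f"{name}: writable and executable")
        if vsize > 4 * max(rsize, 1):
            traits.append(f"{name}: grows when loaded (unpacks in memory)")
        if rsize and entropy(image[rptr:rptr + rsize]) > 7.0:
            traits.append(f"{name}: high-entropy contents")
    return traits

def build_sample(payload: bytes, vsize: int, flags: int) -> bytes:
    """Constructed one-section header for the demo; not a loadable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = struct.pack("<8sIIIIIIHHI", b".demo", vsize, 0x1000,
                      len(payload), 128, 0, 0, 0, 0, flags)
    return dos + coff + sec + payload

PLAIN = build_sample(b"A" * 1024, 1024, 0x60000020)                # read+execute
PACKED = build_sample(bytes(range(256)) * 4, 0x10000, 0xE0000020)  # read+write+execute

if __name__ == "__main__":
    print(packer_traits(PLAIN), packer_traits(PACKED))
```

Both samples are inert byte strings. The traits reported describe packing, which compressed intros and packed malware share, and say nothing about what the code does once unpacked.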
i think you should only be worried if a flagged 64k intro actually exceeds 64kb :P
dude, just use a mac
plaf: Use a Mac? Then, I won't be able to watch most of the newest pure Windows demos! And running in virtual isn't nice. And Macs are expensive. :P
How about running demos on a friend's computer, then for some other reasons he gets a virus or screws up something and he accuses you of infecting it with virii with your bloody demos :P
My AV just detected a severe lack of a sense of humour in antdude.exe but I don't think it's a false positive this time.
On a more sensible note, I can't believe all that money some people waste on Norton et al. has been used to make such a lazy product. They can only scan for tampered headers rather than check if the tampering is malicious? Shit, I don't even fucking use anti-vi"($)("L::"<":£P"(I"(I)"(I$)("$("":"£"£<£?"?"£~####DO YOU REALLY WANT TO REMOVE MOBO BATTERY? [OK]####
HAHAHAHAHAHA
Quote:
And running in virtual isn't nice.
Oh, but watching captures on YouPoop is better?